The present invention relates to database technology, and more specifically, to access control for a database.
A database management system (DBMS) is widely used to manipulate and manage databases. Users can access data stored in a database through the DBMS. The DBMS enables an application or a user to set up, query, or modify the data in the database. The DBMS can provide a Data Definition Language (DDL) and a Data Manipulation Language (DML) for the user to define the database and to implement data insertion, data deletion, data update, and data selection.
The database can organize and store data in tabular form, referred to as a “table”. Generally, a row of the table represents a record of data, and a column of the table represents an item of information or an attribute of the table. The record usually has a primary key as identification information for uniquely identifying the record, and can be accessed via the primary key.
Database security is very important in the management of a database, especially the security of the data in the database. Access control is an approach for protecting the data stored in the database from being accessed by an unauthorized user or application.
One conventional access control technique is column mask. In the column mask technique, some columns of the table can be covered, and thus the user or application cannot access these columns if the user or application is not authorized. Another conventional access control technique is row permission. In the row permission technique, some rows can be covered, and thus the user or application cannot access these rows if the user or application is not authorized.
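The two conventional techniques described above can be seen side by side in the following added example, which is not part of the original text. It uses Python's sqlite3 module; the employee table, the HR and STAFF roles, and the policy itself (salary visible only to HR or to the record's owner, rows visible only within the requester's own department unless HR) are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; table layout, roles and policy are illustrative assumptions.
ROWS = [
    (1, "alice", "ENG", 120000),
    (2, "bob", "ENG", 95000),
    (3, "carol", "HR", 88000),
]

def make_db():
    """Create an in-memory database holding the constructed employee table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee "
        "(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", ROWS)
    return conn

def select_employees(conn, user, role):
    """Return only the rows and column values that `user` is authorized to see.

    Column mask: salary is returned to role HR or to the record's owner,
    and is replaced by NULL for everyone else.
    Row permission: HR sees every row; any other user sees only the rows of
    the department they belong to. An unknown user matches no department,
    so the predicate evaluates to NULL and no rows are returned.
    """
    sql = """
        SELECT e.id, e.name, e.dept,
               CASE WHEN :role = 'HR' OR e.name = :user
                    THEN e.salary ELSE NULL END AS salary
        FROM employee AS e
        WHERE :role = 'HR'
           OR e.dept = (SELECT dept FROM employee WHERE name = :user)
        ORDER BY e.id
    """
    # Identity is passed as bound parameters, never concatenated into the SQL.
    return conn.execute(sql, {"user": user, "role": role}).fetchall()

if __name__ == "__main__":
    conn = make_db()
    for user, role in [("alice", "STAFF"), ("carol", "HR"), ("mallory", "STAFF")]:
        print(user, role, select_employees(conn, user, role))
```

In a DBMS that supports these controls natively, the mask and the permission are attached to the table itself, so they apply to every query rather than only to queries issued through one helper function.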